Facade Consent

http://fhir.patientsknowbest.com/structuredefinition/facade-consent

https://www.hl7.org/fhir/STU3/consent.html

Overview

PKB restricts access to data based on 4 privacy labels. A patient grants an actor permission to access 0 or more of those privacy labels.

The Consent resource represents which privacy labels the patient has permitted a specific actor to access. The privacy labels themselves are represented as a security label, taken from the same set of security labels that will be returned in Meta.security.

Note: Consent resources are themselves subject to consent filtering. As such, if a patient has a Consent resource for an Organization that the caller does not have consent to know about (i.e. the Organization has been tagged with a privacy label that has not been granted to the caller) then that Organization's consent will be silently omitted from the result set.

See also: $purview

Relevant PKB entities

Mappings

FHIR

PKB

Notes

Resource id

[[Consent Record.Public ID]]

 

Consent.status

<conditional>
If [[Consent Record.Discharged]] is FALSE:   "active"
Else:   "inactive"

 

Consent.patient

A Reference to the [[Patient]] should be returned.

  • patient: Reference

    • reference = the relative URL of the Patient resource

    • display = [[User.Title]] [[User.Given Name]] [[User.Family Name]]

 

Consent.actor

Who the consent has been granted to.

  • actor: BackboneElement

    • role: CodeableConcept

    • reference: Reference

      • reference =  <conditional>

        • If consent has been granted to a [[Team]]:  the relative URL of the Organization (representing the Team)

        • Else if consent has been granted to an Individual [[Professional]]:  the relative URL of the Practitioner

        • Else if consent has been granted to a [[Patient]]:  a reference to a contained RelatedPerson instance (see RelatedPerson mappings)

      • display = <conditional>

        • If consent has been granted to a [[Team]]: [[Team.Name]]

        • Else if consent has been granted to an Individual [[Professional]]:  [[User.Title]] [[User.Given Name]] [[User.Family Name]]

        • Else if consent has been granted to a [[Patient]]:  [[User.Title]] [[User.Given Name]] [[User.Family Name]]

 

Consent.policy

 

Consent.except

For each privacy label the actor has been granted consent for, an "except" element should be returned.

The idea here is that the overall Consent resource represents a "policy". The PKB policy for consent is "opt-in" in the sense that the patient specifies what someone can see, rather than what they cannot see. So this Consent resource means the actor cannot see anything, except the entries in the "except" list.

Note: one "except" entry is needed for each privacy label, because the FHIR specification states that if multiple security labels are included in one list, the corresponding data must carry all of those labels, whereas PKB operates a single-label policy.
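The opt-in evaluation described above, as an added example (not PKB's own code): a client derives the granted privacy labels from the "except" entries of an active Consent and checks them against a resource's Meta.security, failing closed otherwise. The label system URL, label codes, ids, and the use of type "permit" on each "except" entry are assumptions made for illustration.

```python
# Constructed sample data: the label system URL, label codes and ids below are
# placeholders for illustration, not real PKB values.
LABEL_SYSTEM = "http://example.org/privacy-label"


def label(code):
    """Build a constructed security-label Coding."""
    return {"system": LABEL_SYSTEM, "code": code}


SAMPLE_CONSENT = {
    "resourceType": "Consent",
    "id": "example-consent-id",
    "status": "active",
    "patient": {"reference": "Patient/example-patient"},
    "actor": [{"role": {"text": "constructed role"},
               "reference": {"reference": "Organization/example-team"}}],
    # One "except" per privacy label; type "permit" is an assumption.
    "except": [
        {"type": "permit", "securityLabel": [label("LABEL_A")]},
        {"type": "permit", "securityLabel": [label("LABEL_B")]},
    ],
}


def permitted_labels(consent):
    """Return the (system, code) pairs the actor has been granted (opt-in)."""
    if consent.get("resourceType") != "Consent" or consent.get("status") != "active":
        return set()  # discharged consent ("inactive") grants nothing
    granted = set()
    for exc in consent.get("except", []):
        codings = exc.get("securityLabel", [])
        # Several labels in one entry would mean "data must carry all of them"
        # in FHIR; the facade emits one label per entry, so skip anything else.
        if exc.get("type") != "permit" or len(codings) != 1:
            continue
        granted.add((codings[0].get("system"), codings[0].get("code")))
    return granted


def may_access(consent, resource):
    """True only if a label in the resource's Meta.security has been granted."""
    granted = permitted_labels(consent)
    security = resource.get("meta", {}).get("security", [])
    # Unlabelled resources and ungranted labels are denied: nothing is visible
    # except what the "except" list names.
    return any((c.get("system"), c.get("code")) in granted for c in security)
```

Because Consent resources are themselves consent-filtered, an empty result for an actor only shows that no consent is visible to the caller, not that none exists.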